Date: Tue, 15 May 2018 16:51:43 +0100
From: RW
To: freebsd-security@freebsd.org
Subject: Re: Querying entropy state
Message-ID: <20180515165143.393c72b1@gumby.homeunix.com>
In-Reply-To: <20180515155444.0bb41e5f@gumby.homeunix.com>

On Tue, 15 May 2018 15:54:44 +0100
RW wrote:

> On Tue, 15 May 2018 12:17:28 +0100
> Chris Rees wrote:
>
> > Hello all,
> >
> > Since the new random device has been put in, sysutils/monitorix no
> > longer has a sysctl to poll to view the current state of entropy
> > (i.e. kern.random.sys.seeded).
> >
> > I have come to the understanding that it is no longer necessary or
> > relevant information with the new driver, and entropy is always at
> > an acceptable state; the author has suggested disabling this test on
> > FreeBSD.
> >
> > Am I correct that there is no point in checking for entropy any
> > more, and the entropy is unmeasurable?
>
> It hasn't been for many years.
>
> kern.random.sys.seeded was set when yarrow first seeded itself after a
> boot. As long as there's an entropy file this happened very early, and
> ordinary computers would spontaneously seed well before that. The
> sysctl was only relevant in some special cases like certain embedded
> devices.

And now I come to think of it, initrandom would throw in some low grade
entropy to unblock the device even if there was no entropy file, so
with the standard rc files the sysctl did nothing useful.